Solved

ASP and SQL

Posted on 1998-12-08
Last Modified: 2010-03-19
It's with regards to ASP and session variables.
I am doing a Web site where it's security enforced. It's similar to the project you assigned us. A user logs in and from that login we determine what information they are allowed to see and what they can access. So reference to the login variable is gonna be needed all throughout the pages. So session variables are the way to go, right? But session variables don't last long... (default is 20). I am gonna need it for more than that, and well, all I have to do is set the timeout for the session to be a larger number. That will do it, won't it? Pretty sure it will, providing the timeout period is longer, right? I would be able to talk to different pages within a frameset and the session variable would still be alive, right? Is this my best approach or is there a better option?
Thanks for any HELP.

Question by:lobos
2 Comments
 
LVL 28

Expert Comment

by:sybe
ID: 1092157
The session variables "die" x minutes after the user's last activity. So they won't die when a user is visiting your website and asking for pages for about 2 hours.
Session variables are bound to cookies, so the browser has to accept cookies. I am not sure how "hack-resistant" cookies are, so if your information is very sensitive, you might want to use another solution than session variables (for example NT security; you can ask for the login name with ASP).

About this "hacking": I have never really tried to do it. But I noticed that ASP cookies have a code that is given out in a certain order to new visitors. So if visitor A gets cookie "ASP-4565421", visitor B would get "ASP-4565422". Someone could try to change the value of the cookie in his browser and get the security of another user.

Maybe it is possible to make the ASP-cookies be more random, I haven't looked for it. I solve possible security stuff through NT-security and use cookies (and sessionvariables) only for non-sensitive things.
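The two points in the comment above (the timeout is counted from the user's last request, and a cookie value handed out in order could be altered to reach another visitor's session) as an added Python model. It is not part of the original thread and is not ASP's own session implementation; `SessionStore`, `neighbour` and `demo` are hypothetical names, and the timestamps are constructed.

```python
import secrets

IDLE_TIMEOUT = 20 * 60  # seconds; the 20-minute default mentioned in the question


class SessionStore:
    """Server-side session table keyed by an unguessable cookie value."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # session id -> {"login": ..., "last_seen": ...}

    def create(self, login, now):
        # 128 bits from the OS CSPRNG: one id reveals nothing about the next
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"login": login, "last_seen": now}
        return sid

    def lookup(self, sid, now):
        """Return the login bound to sid, or None if unknown or idle too long."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # expired: drop the server-side state
            return None
        entry["last_seen"] = now  # sliding window: each request resets the clock
        return entry["login"]


def neighbour(sid):
    """The value a client gets by adding 1 to its own cookie value."""
    return format((int(sid, 16) + 1) % (1 << 128), "032x")


def demo():
    store = SessionStore()
    t = 0  # constructed clock, in seconds
    alice = store.create("alice", t)
    bob = store.create("bob", t)
    # One request every 15 minutes for 2 hours keeps alice's session alive
    for _ in range(8):
        t += 15 * 60
        assert store.lookup(alice, t) == "alice"
    # bob sent no requests, so his session has been idle for 2 hours
    bob_result = store.lookup(bob, t)
    # Altering one's own cookie by one does not land on another session
    guess_result = store.lookup(neighbour(alice), t)
    return bob_result, guess_result
```
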

Accepted Solution

by:
ny_sky earned 20 total points
ID: 1092158
If Transaction Server is a possibility then you can utilize the role assignments for a given package.  You can add NT groups to each package and validate whether or not a user is in a particular group through the Object Context.  The method "IsCallerInRole" will check to see if that user is in the role (or group) you have created.  Based on the value returned you can use a simple if statement in the asp page and populate the values applicable to their security level.